Add config option to allow anonymous reporting

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-09 14:07:49 +02:00 · 2020-06-09 14:07:49 +02:00 · dac47d2abb
commit dac47d2abb
parent 2e64da11e3
14 changed files with 177 additions and 47 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -26,6 +26,7 @@ Also make sure to remove the `EnvironmentFile=` line from the systemd service an
 - Duplicate an event
 - Ability to handle basic administration settings in the admin panel
 - Added physical address change to the list of important changes that trigger event notifications
+- Config option to allow anonymous reporting

 ### Changed
 - Configuration handling (see above)
--- a/config/config.exs
+++ b/config/config.exs
@ -202,6 +202,9 @@ config :mobilizon, :anonymous,
      ],
      captcha: [enabled: false]
    }
+  ],
+  reports: [
+    allowed: false
  ]

 config :mobilizon, Oban,
--- a/config/dev.exs
+++ b/config/dev.exs
@ -92,6 +92,11 @@ config :mobilizon, :instance,

 # config :mobilizon, :activitypub, sign_object_fetches: false

+config :mobilizon, :anonymous,
+  reports: [
+    allowed: true
+  ]
+
 require Logger

 cond do
--- a/js/src/graphql/comment.ts
+++ b/js/src/graphql/comment.ts
@ -62,7 +62,7 @@ export const COMMENTS_THREADS = gql`
      }
    }
  }
-  ${COMMENT_RECURSIVE_FRAGMENT}
+  ${COMMENT_FIELDS_FRAGMENT}
 `;

 export const CREATE_COMMENT_FROM_EVENT = gql`
--- a/js/src/graphql/config.ts
+++ b/js/src/graphql/config.ts
@ -34,6 +34,9 @@ export const CONFIG = gql`
            }
          }
        }
+        reports {
+          allowed
+        }
        actorId
      }
      location {
--- a/js/src/types/config.model.ts
+++ b/js/src/types/config.model.ts
@ -39,6 +39,9 @@ export interface IConfig {
        };
      };
    };
+    reports: {
+      allowed: boolean;
+    };
    actorId: string;
  };
  maps: {
--- a/js/src/views/Event/Event.vue
+++ b/js/src/views/Event/Event.vue
@ -272,7 +272,7 @@
                      <b-icon icon="calendar-plus" />
                    </span>
                  </b-dropdown-item>
-                  <b-dropdown-item aria-role="listitem">
+                  <b-dropdown-item aria-role="listitem" v-if="ableToReport">
                    <span @click="isReportModalActive = true">
                      {{ $t("Report") }}
                      <b-icon icon="flag" />
@ -750,14 +750,25 @@ export default class Event extends EventMixin {

  async reportEvent(content: string, forward: boolean) {
    this.isReportModalActive = false;
+    // @ts-ignore
+    this.$refs.reportModal.close();
    if (!this.event.organizerActor) return;
    const eventTitle = this.event.title;
+    let reporterId = null;
+    if (this.currentActor.id) {
+      reporterId = this.currentActor.id;
+    } else {
+      if (this.config.anonymous.reports.allowed) {
+        reporterId = this.config.anonymous.actorId;
+      }
+    }
+    if (!reporterId) return;
    try {
      await this.$apollo.mutate<IReport>({
        mutation: CREATE_REPORT,
        variables: {
          eventId: this.event.id,
-          reporterId: this.currentActor.id,
+          reporterId,
          reportedId: this.event.organizerActor.id,
          content,
          forward,
@ -996,6 +1007,12 @@ export default class Event extends EventMixin {
    await removeAnonymousParticipation(this.uuid);
    this.anonymousParticipation = null;
  }
+
+  get ableToReport(): boolean {
+    return (
+      this.config && (this.currentActor.id != undefined || this.config.anonymous.reports.allowed)
+    );
+  }
 }
 </script>
 <style lang="scss" scoped>
--- a/js/src/views/Home.vue
+++ b/js/src/views/Home.vue
@ -154,7 +154,7 @@ import Subtitle from "../components/Utils/Subtitle.vue";
        };
      },
      update: (data) =>
-        data.loggedUser.participations.map(
+        data.loggedUser.participations.elements.map(
          (participation: IParticipant) => new Participant(participation)
        ),
      skip() {
--- a/lib/graphql/resolvers/config.ex
+++ b/lib/graphql/resolvers/config.ex
@ -89,6 +89,9 @@ defmodule Mobilizon.GraphQL.Resolvers.Config do
            }
          }
        },
+        reports: %{
+          allowed: Config.anonymous_reporting?()
+        },
        actor_id: Config.anonymous_actor_id()
      },
      geocoding: %{
--- a/lib/graphql/resolvers/event.ex
+++ b/lib/graphql/resolvers/event.ex
@ -60,9 +60,10 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
    end
  end

-  def check_event_access(%Event{local: true}), do: true
+  @spec check_event_access(Event.t()) :: boolean()
+  defp check_event_access(%Event{local: true}), do: true

-  def check_event_access(%Event{url: url}) do
+  defp check_event_access(%Event{url: url}) do
    relay_actor_id = Config.relay_actor_id()
    Events.check_if_event_has_instance_follow(url, relay_actor_id)
  end
--- a/lib/graphql/resolvers/report.ex
+++ b/lib/graphql/resolvers/report.ex
@ -7,6 +7,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do

  alias Mobilizon.Actors
  alias Mobilizon.Actors.Actor
+  alias Mobilizon.Config
  alias Mobilizon.Reports
  alias Mobilizon.Reports.{Note, Report}
  alias Mobilizon.Users.User
@ -47,7 +48,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
  def create_report(
        _parent,
        %{reporter_id: reporter_id} = args,
-        %{context: %{current_user: user}} = _resolution
+        %{context: %{current_user: %User{} = user}} = _resolution
      ) do
    with {:is_owned, %Actor{}} <- User.owns_actor(user, reporter_id),
         {:ok, _, %Report{} = report} <- API.Reports.report(args) do
@ -61,6 +62,31 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
    end
  end

+  @doc """
+  Create a report anonymously if allowed
+  """
+  def create_report(
+        _parent,
+        %{reporter_id: reporter_id} = args,
+        _resolution
+      ) do
+    with {:anonymous_reporting_allowed, true} <-
+           {:anonymous_reporting_allowed, Config.anonymous_reporting?()},
+         {:wrong_id, true} <- {:wrong_id, reporter_id == to_string(Config.anonymous_actor_id())},
+         {:ok, _, %Report{} = report} <- API.Reports.report(args) do
+      {:ok, report}
+    else
+      {:anonymous_reporting_allowed, _} ->
+        {:error, "You need to be logged-in to create reports"}
+
+      {:wrong_id, _} ->
+        {:error, "Reporter ID is not the anonymous actor id"}
+
+      _error ->
+        {:error, "Error while saving report"}
+    end
+  end
+
  def create_report(_parent, _args, _resolution) do
    {:error, "You need to be logged-in to create reports"}
  end
--- a/lib/graphql/schema/config.ex
+++ b/lib/graphql/schema/config.ex
@ -59,6 +59,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
  object :anonymous do
    field(:participation, :anonymous_participation)
    field(:event_creation, :anonymous_event_creation)
+    field(:reports, :anonymous_reports)
    field(:actor_id, :id)
  end

@ -100,6 +101,10 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
    field(:enabled, :boolean)
  end

+  object :anonymous_reports do
+    field(:allowed, :boolean)
+  end
+
  object :resource_provider do
    field(:type, :string)
    field(:endpoint, :string)
--- a/lib/mobilizon/config.ex
+++ b/lib/mobilizon/config.ex
@ -139,6 +139,10 @@ defmodule Mobilizon.Config do
        :enabled
      ]

+  @spec anonymous_reporting? :: boolean
+  def anonymous_reporting?,
+    do: Application.get_env(:mobilizon, :anonymous)[:reports][:allowed]
+
  def instance_resource_providers do
    types = get_in(Application.get_env(:mobilizon, Mobilizon.Service.ResourceProviders), [:types])

--- a/test/graphql/resolvers/report_test.exs
+++ b/test/graphql/resolvers/report_test.exs
@ -1,9 +1,11 @@
 defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
  use Mobilizon.Web.ConnCase
+  use Mobilizon.Tests.Helpers

  import Mobilizon.Factory

  alias Mobilizon.Actors.Actor
+  alias Mobilizon.Config
  alias Mobilizon.Events.Event
  alias Mobilizon.Reports.{Note, Report}
  alias Mobilizon.Users.User
@ -11,67 +13,124 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
  alias Mobilizon.GraphQL.AbsintheHelpers

  describe "Resolver: Report a content" do
+    @create_report_mutation """
+    mutation CreateReport($reporterId: ID!, $reportedId: ID!, $eventId: ID, $content: String) {
+      createReport(
+        reporterId: $reporterId,
+        reportedId: $reportedId,
+        eventId: $eventId,
+        content: $content
+      ) {
+          content,
+          reporter {
+            id
+          },
+          event {
+            id
+          },
+          status
+        }
+      }
+    """
+
+    clear_config([:anonymous, :reports])
+
+    setup %{conn: conn} do
+      Mobilizon.Config.clear_config_cache()
+      anonymous_actor_id = Config.anonymous_actor_id()
+      {:ok, conn: conn, anonymous_actor_id: anonymous_actor_id}
+    end
+
    test "create_report/3 creates a report", %{conn: conn} do
      %User{} = user_reporter = insert(:user)
      %Actor{} = reporter = insert(:actor, user: user_reporter)
      %Actor{} = reported = insert(:actor)
      %Event{} = event = insert(:event, organizer_actor: reported)

-      mutation = """
-          mutation {
-            createReport(
-              reporter_id: #{reporter.id},
-              reported_id: #{reported.id},
-              event_id: #{event.id},
-              content: "This is an issue"
-            ) {
-                content,
-                reporter {
-                  id
-                },
-                event {
-                  id
-                },
-                status
-              }
-            }
-      """
-
      res =
        conn
        |> auth_conn(user_reporter)
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        |> AbsintheHelpers.graphql_query(
+          query: @create_report_mutation,
+          variables: %{
+            reportedId: reported.id,
+            reporterId: reporter.id,
+            eventId: event.id,
+            content: "This is an issue"
+          }
+        )

-      assert json_response(res, 200)["errors"] == nil
-      assert json_response(res, 200)["data"]["createReport"]["content"] == "This is an issue"
-      assert json_response(res, 200)["data"]["createReport"]["status"] == "OPEN"
-      assert json_response(res, 200)["data"]["createReport"]["event"]["id"] == to_string(event.id)
+      assert res["errors"] == nil
+      assert res["data"]["createReport"]["content"] == "This is an issue"
+      assert res["data"]["createReport"]["status"] == "OPEN"
+      assert res["data"]["createReport"]["event"]["id"] == to_string(event.id)

-      assert json_response(res, 200)["data"]["createReport"]["reporter"]["id"] ==
+      assert res["data"]["createReport"]["reporter"]["id"] ==
               to_string(reporter.id)
    end

    test "create_report/3 without being connected doesn't create any report", %{conn: conn} do
      %Actor{} = reported = insert(:actor)

-      mutation = """
-          mutation {
-            createReport(
-              reported_id: #{reported.id},
-              reporter_id: 5,
-              content: "This is an issue"
-            ) {
-                content
-              }
-            }
-      """
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @create_report_mutation,
+          variables: %{
+            reportedId: reported.id,
+            reporterId: 5,
+            content: "This is an issue"
+          }
+        )
+
+      assert res["errors"] |> hd |> Map.get("message") ==
+               "You need to be logged-in to create reports"
+    end
+
+    test "create_report/3 anonymously creates a report if config has allowed", %{
+      conn: conn,
+      anonymous_actor_id: anonymous_actor_id
+    } do
+      %Actor{} = reported = insert(:actor)
+      Config.put([:anonymous, :reports, :allowed], true)

      res =
        conn
-        |> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
+        |> AbsintheHelpers.graphql_query(
+          query: @create_report_mutation,
+          variables: %{
+            reportedId: reported.id,
+            reporterId: anonymous_actor_id,
+            content: "This is an issue"
+          }
+        )

-      assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
-               "You need to be logged-in to create reports"
+      assert is_nil(res["errors"])
+      assert res["data"]["createReport"]["content"] == "This is an issue"
+      assert res["data"]["createReport"]["status"] == "OPEN"
+
+      assert res["data"]["createReport"]["reporter"]["id"] ==
+               to_string(anonymous_actor_id)
+    end
+
+    test "create_report/3 anonymously doesn't creates a report if the anonymous actor ID is wrong",
+         %{conn: conn} do
+      %Actor{} = reported = insert(:actor)
+      Config.put([:anonymous, :reports, :allowed], true)
+
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @create_report_mutation,
+          variables: %{
+            reportedId: reported.id,
+            reporterId: 53,
+            content: "This is an issue"
+          }
+        )
+
+      assert res["errors"] |> hd |> Map.get("message") ==
+               "Reporter ID is not the anonymous actor id"
    end
  end